Internet security news network

ABSTRACT

A system and method are disclosed for collecting, analyzing, verifying, producing, and broadcasting security data. Internet security-related information may be broadcast continuously from a data center over a broadcast channel, such as a webcast. As additional security related information is received at the data center, the data is analyzed and video content is produced to describe the incoming data. Video content may take the form of urgent near real-time security alerts, or pre-scheduled programs describing recent news and developments related to internet security. In an alternative embodiment, security news alerts are multi-cast to a selected group of users and the news alert data encrypted so that the group of users may trust its source.

This application claims priority to U.S. Provisional Patent ApplicationNo. 60/736,321 filed on Nov. 15, 2005 and entitled “INTERNET SECURITYNEWS NETWORK.” Said provisional U.S. application is incorporated hereinby reference in its entirety for all purposes.

This application is related to the co-pending U.S. application Ser. No.11/321,060 entitled “Internet Security Updates Via Mobile Phone Videos,”filed Dec. 30, 2005, the contents of which are hereby incorporated byreference in their entirety for all purposes.

BACKGROUND

The present invention relates to the field of internet security and,more particularly, to the field of collecting internet security newsdata and, as soon as possible thereafter, providing multi-cast orbroadcast internet security alerts to internet users.

Information technology (IT) professionals rely on receiving current andaccurate system and network security information. A security threat onthe network, such as an internet virus outbreak or an intrusion onto aprivate network, must be detected and acted upon quickly to protect theresources on the system. Less urgent information such as security tipsand techniques from experts, news, and internet “traffic” and “weather”data may be equally valuable. Many common systems provide passivenotifications, such as web pages, which are updated by an administratorwhen new information becomes available. A user may log on and browse tothe web page to view the current network status and a listing of currentor past security alerts. Active notifications may also be sent tosubscribers through electronic mail (email), pager, voice mail, fax,SMS, or instant messaging. Such notifications may arrive in asubscriber's mailbox, in the case of email or voice mail, or may bepresented on the subscriber's computer terminal. However, the source ofthe presented information may be questionable or unreliable and so notbe trusted by the user or discarded as SPAM.

When system or network security-relation data is identified as valuableto customers, a short video segment may be prepared and posted to awebsite for customers to find and watch. Similarly, when time-sensitivesecurity information is received, a forensic analysts may review theinformation before posting an alert on a website for customers tomonitor, or reporting this information by phone to specifically affectedcustomers. The need to rapidly disseminate this information to usersoften prevents the production of high-quality multimedia data. Instead,simple text, HTML, or the like are used to convey current securityinformation. Rich multimedia content on such topics, if generated atall, may only be generated much later, after recording and producingvideo to convey the information.

Accordingly, there is a need to provide more current network securityinformation that is reliable and can be trusted, including nearreal-time video information describing security events and networkstatus. Current systems may not sufficiently provide multimedia contentto currently, reliably and accurately describe an event, such as asystem or network status update, and current internet security threat,or related breaking news item. Such multimedia data may be merely postedpassively for users to observe, or may instead be transmitted tosubscribers only after the lengthy production of a multimediapresentation.

SUMMARY

According to one aspect of the present disclosure, security related datamay be received at a server or central location, such as, for example, anetwork security data center. The security related data may originatefrom internet monitoring software, information feeds, other newssources, security and industry experts, or from mobile units associatedwith the data center describing security-related news from an“on-the-scene” prospective. The source of the information may beverified and determined to be trusted before the information contentitself is forwarded on to users.

According to another aspect of the present disclosure, video content maybe produced and multi-cast or broadcast over an internet security newsnetwork (ISNN). By multi-cast, as used herein, is intended thetransmission of internet security data to a selected group of users. Bybroadcast, as used herein, is intended both multi-cast and generalbroadcast to a wide body of terminals that may or may not be users ofthe internet. Production may include verifying the source of theinternet news information, scripting, recording, and editing videosegments, such as newscasts, features, interviews, and discussions withexperts. Production may also involve a forensic analyst receiving andanalyzing security-related data recently received at the data center.The forensic analyst, alone or with the assistance of a production team,may then quickly script and record a security alert or news updaterelated the new information. Thus, produced video content may bepre-produced and pre-scheduled, or rapidly created in response tochanging internet security conditions as part of a near real-timeincident response security alert (e.g. internet security alert).Consequently, a predetermined group of users of the internet newsinformation may receive multi-cast transmissions of the security newsalerts and these may be provided over secure transmission facilities atleast requiring a user identifier and password to retrieve.

According to another aspect of the present disclosure, the video contentmay be scheduled and broadcast as part of a continuously broadcastingnews channel. The news channel may be broadcast 24/7 over cabletelevision, satellite, or as a webcast accessible through a web portal.A default video recording or video stream may be sent to subscribersuntil a produced video segment is ready to be aired. The produced videosegment, such as a pre-scheduled feature program or a more urgentincident response security alert, may supersede the default programmingto provide more specific information about a particular topic orsecurity incident, such as an internet virus.

These and other aspects of the disclosure will be apparent uponconsideration of the following detailed description of illustrativeembodiments.

BRIEF DESCRIPTION OF THE DRAWINGS

Having thus described the invention in general terms, reference will nowbe made to the accompanying drawings, which are not necessarily drawn toscale, and wherein:

FIG. 1 is a schematic block diagram showing a system architecture, inaccordance with an embodiment of the present disclosure;

FIG. 2 is a block diagram showing an illustrative method of schedulingprogramming, in accordance with an embodiment of the present disclosure;and

FIG. 3 is a graphical screen shot showing promotional material relatingto AT&T's Internet Security News Network, in accordance with anembodiment of the present disclosure.

DETAILED DESCRIPTION OF ILLUSTRATIVE EMBODIMENTS

Illustrative embodiments will now be described more fully with referenceto the accompanying drawings. The embodiments set forth herein shouldnot be viewed as limiting; rather, these embodiments are provided merelyas examples of the concepts described herein.

FIG. 1 is an architecture diagram in accordance with certainillustrative embodiments. This example is based on the architecture ofthe AT&T Internet Security News Network (ISNN) 102, AT&T'sInternetProtect®, and AT&T's BusinessDirect® software platform. The ISNN102 may receive security-related information from a security dataprogram or other source 104. This security information may come from avariety of different local and remote sources, which may operate insidethe data center or may be transmitted from external content providers ormobile units. For example, the data center may receive informationindicating that there is a security issue caused by unauthorized use ofthe network. The data center may use highly specialized programs, whichare run and monitored by trained network analysts, to detect suchintrusions. At the data center of the ISNN 102, the personnel whomonitor the network and apply the program may be referred to as forensicanalysts, or forensic specialists. These forensic analysts may verifythe source of the internet security news through various well-knownmethods and procedures. As another example, the security data source 104may be an external internet traffic-monitoring program, whichperiodically transmits internet health and/or traffic reports to thedata center. This traffic-monitoring program may be “trusted” and itsoutput data encrypted, if necessary, to secure the data againstintrusion by hackers. In yet another example, the external security datasource 104 may include security experts who may communicate withpersonnel at the data center to provide industry news, tips andtechniques for IT professionals, or analysis and commentary related tosecurity information receives from other trusted sources 104.

Upon the receipt of security information, the productioncomponent/personnel 106 in the ISNN 102 may produce a video segment todescribe the security information. As described below, default videocontent, or “dialtone,” may be a continuous broadcast of the data centeritself, along with updated scrolling information or graphics. Thisdialtone program may be interrupted by pre-scheduled and pre-producedprograms, or near real-time alert information based on securityinformation recently received at the data center. Video segments whichare produced and ready to air may be delivered to the program schedulingcomponent/personnel 110 of the ISNN 102. Programs may be scheduled, forexample, in weekly time slots, while urgent security alerts may bescheduled to air as soon as they are produced, or may even air live asthey are recorded in the ISNN data center 102, or by a mobile productionunit 106 associated with the ISNN data center 102.

When a security alert happens, a designated forensic analyst for a givenwork shift may acquire the information about the alert and may quicklydevelop the information into a video script using a script template.This video script can be reviewed by others, before the analyst goeson-air with the information. That is, the analyst, supported by aproduction crew that may include a technical director and cameraoperator, will read the video script on camera, providing adescriptions, analysis, and commentary regarding the security alertinformation.

For example, when a forensic analyst in the data center may become awareof a new internet virus substantially affecting customer systems. Aftervalidating and analyzing the received data, the forensic analyst maywrite an alert script and record the security alert corresponding tothis information. The script may include the following information:protocols affects by the virus, definitions of key terms not commonlyknown to IT professionals, the install location of the latest virusprotection software, the install location of a patch specific to thisvirus, and other recommendations and general information relating tothis virus, or virus response in general. To give the presentation amore professional and engaging appearance, the analyst may be trained todeliver reports on camera, and may read the script from a teleprompterat a news desk configured for lighting control, audio quality, and achanging graphical background. In certain embodiments, the analyst mayuse an automated turnkey system to operate a teleprompter, camera, andgraphical background without assistance from a production staff.

In other examples, the video production components/personnel 106 of theISNN 102 may include on-location filming or audio recording. Forexample, a mobile unit, including a camera, lighting, and soundequipment, may create an incident response alert that shows a forensicanalyst on camera at a field location related to the alert report, suchas, for example, at a company affected by the internet security issue.Alternatively, a forensic analyst or expert consultant may deliver anincident response alert over the telephone, and the video segment forthe alert, produced back on the ISNN data center 102, may include thevoice playing behind still photo of analyst or expert. Alerts filmedremotely, or any program recorded from two different locations, may alsouse a split screen, with a single camera setup at each location. In oneexample, the first location may be the set of AT&T's Global NetworkOperations Center® (GNOC) studio, while the second location may be afield location.

The following is a sample script prepared by AT&T:

“Internet Protect has observed an substantial increase in the scanningof port 143/tcp. Port 143/tcp supports a common service named IMAP Mailserver. An exploit for MailEnable IMAP Service, Remote Buffer OverflowExploit v0.4 has been discovered. The MailEnable software provides anenterprise mailing platform for Microsoft Windows NT/2000/XP/2003systems. Two vulnerabilities were discovered, including a bufferoverflow and an object pointer overwrite. So, if you are listening tothis broadcast and wondering what this all means for you, then take outyour pencil and paper, and I'll tell you what's hitting your networknow, and try to summarize our recommendations. First of all, if you areusing the MailEnable software, a patch is available athttp://mailenable.com/hotfix/MEIMAPS-HF041125.zip. Install this patchimmediately. Otherwise, to avoid infection, check with the localadministrator whether the traffic to port 143/tcp can be blocked andremote users accessing email can use SSL wrapped IMAP on port 995/tcp.Make sure that all virus protection software is up to date and a fullscan is performed on all machines. Be sure that the latest patches havebeen applied to the machines. Configure your email server to block fileattachments with extensions used to spread viruses, such as .vbs, .bat,.exe, .pif and .scr. Educate users on the dangers of opening emailsand/or attachments from unknown senders/unexpected senders. Do notinstall any Internet downloads without first scanning them for virus.Establish a complex, alpha-numeric password policy”.

As is discussed below, the on-air broadcast may be a cable television,satellite, or an internet broadcast, or webcast, over a channel on awebsite monitored by customers. The video content, produced in one ofAT&T's studios, may need to be produced rapidly when the securityinformation relates to an urgent virus or other internet security issue.The content may be tailored for IT professionals, who may understandnetworks and security extremely well. These customers may monitor theweb channel and view it as their window on the latest alert information.Thus, not only will such viewers be able to read information on thewebsite, they will be personally addressed by one of AT&T's networksecurity specialists and so the content may be multicast to apredetermined group of users who have subscribed to an internet securitynews alert service.

Once a video segment is produced, an archiving component/personnel 108in the ISNN data center 102 may archive the video segment, such as apre-produced weekly security program, or a new security alert. Archivedmultimedia data may be collected in a media database 124, and may bemade subsequently searchable /retrievable by users after its initialbroadcast over the ISNN 102. This archived data may be displayed aslinks at the web portal's published web site. The productioncomponent/personnel 106 may also access the archived media content forrebroadcast and incorporation into future video segments. The mediadatabase 124, as well as other essential data of the ISNN data center102 may be periodically backed up the by the ISNN technology supportteam. This technology support team may also perform systems maintenanceand troubleshooting for the ISNN systems.

A broadcasting component/personnel 112 of the ISNN 102 is responsiblefor transmitting the video content to viewers/users/subscribers. Thisvideo broadcast may be available via DirectTV® or cable television, forexample, via Comcast®, on a standard a 24/7 programming schedule. Incertain illustrative embodiments, a subscriber address may represent theinternet address of a user terminal, or may be a physical home or workaddress, a telephone number associated with the subscribing user, atelevision channel address or other subscriber address known in the art.Subscribers may register multiple subscriber addresses that may eachreceive the broadcast, or the multiple subscriber addresses may beranked in a priority list so that if the primary subscriber address isunreachable by a broadcast or alert, the next address will be used, andso on. Such a subscriber list may be stored as part of the userpreferences, which may be stored for some, IT professionals or othersubscribers. User 114, for example, may view the ISNN 102 video contenton a cable or satellite television channel with support for on-demand,and personalized playlist capability.

The broadcasting component 112 of the ISNN 102 may include multicastingor broadcasting the video content through a web server 116, such as, forexample, the web portal for AT&T's InternetProtect®. By accessing thisweb portal, users 118, 120, and 122, may log in and/or view thecurrently broadcasting video content from the ISNN 102 over a PDA,laptop computer, desktop computer, or other device connected to theinternet without having to log in.

Computing devices may also access the web portal 116 to retrieve andview archived video content, such as previously aired video segmentswhich have been stored in the media database 124. For example, an AT&TInternetProtect® user may view the available archived video from the topmenu bar of the homepage via a menu item entitled “Video Reports.” Theuser may click on Video Reports to display a secondary page of archivedvideo reports, identical to the behavior of the “Alerts and Advisories”menu items on the same top menu bar. The secondary page with thearchived reports list may behave in the same way as the Alerts and theAdvisories pages. That is, the user can click on particular video reportin an alphanumeric list, sorted corresponding to an Alert or Advisornumber from the InternetProtect homepage.

In certain embodiments, this video content may be archived andsearchable for a proscribed period of time, after which users 118, 120,and 122 may no longer access the information via the web portal 116.This period of time may depend on the production date of theinformation, a predetermined expiration data of the information, or mayinvolve making security news and alert information available only aslong as the underlying data is still accurate.

Additionally, users 118, 120, and 122 viewing the multi-cast orbroadcast through the web portal 116 may be able to play, pause, orrewind the broadcast while they view it. Web portal broadcasts, orwebcasts, may also support links to user surveys related to technicalaspects of the ISNN 102, as well as surveys directed to the programmingcontent.

When broadcasting to customers through the web portal 116, the ISNN datacenter 102 may compile a list of user addresses that should receive thebroadcast. In certain embodiments, the users selected to receive aparticular video segment, such as for example, a specific securityalert, may not be all of the webcast receiving terminals. While in thecase of a large-scale security event, it may be desirable to immediatelynotify all subscribers/users, other security alerts may only be relevantfor particular system users. In many instances, the webcast recipientsmay be information technology (IT) professionals responsible forsecurity and stability of organizational data systems. Since differentorganizations, depending on the size and sophistication of theorganization, may have dramatically different information requirements,the criteria for selecting webcast recipients for a particular videosegment may depend on, for example, the user's system hardware,platform, server software. Other additional factors may determine whichusers receive different programs or security alerts, such as thegeographic location of the user's system, or the individual preferencesof the IT professionals representing the organization. In certainembodiments, a webcast viewer may have an opportunity to choose thecategories of alerts that they would like to receive, and may be able toregister and un-register for specific programs.

Customers with low-bandwidth equipment may be able to access the livebroadcast or archived data as audio-only presentations. For examplestreaming audio or downloaded audio, corresponding to the broadcast of asecurity alert, may be sent to a mobile device.

Referring to FIG. 2, a block diagram is shown demonstrating videocontent that may be broadcast by the network security data center. As isshown in FIG. 2, there may be at least three different components whichmay be combined into a single continuous video broadcast 220. Block 202includes the dialtone video content 204, that is, the content that willbe broadcast during periods of time when no other specific securityprogramming is scheduled, and no security alert is being reported. Thisdialtone may be, for example, a live view of the network security datacenter, such as the floor of AT&T's GNOC. The feed showing the GNOCfloor may continue until a scheduled program or security alert is readyto be broadcast, at which time the dialtone view of the GNOC floor maybe superseded, or interrupted, by the program or incident responsesecurity alert. During the dialtone video segments, in addition to theGNOC floor, a scrolling information “zipper,” or other on-screengraphics displaying current network or security information. Forexample, a zipper may be programmed and displayed using content from anAT&T Cyber Intelligences® report and various other sources, as approvedby the data center forensics team.

Block 206 represents the pre-produced and pre-scheduled security-relatedprograms which may be periodically broadcast over the network. Aprogramming schedule may be predetermined by the channel producers anddistributed to customers or posted on a web site related to thebroadcast channel. Since scheduled programs are pre-produced, suchprograms may be scheduled for broadcasting on a weekly, daily, or hourlyschedule, and may be consistently broadcast at the same relative timeand in the same format to attract and retain viewers for that particularprogram. Several examples of security-related scheduled programs aredescribed below, under the “Programs” heading.

Block 214 represents security alerts which may be broadcast over thechannel at any time, possibly superseding the dialtone programming, orsuperseding a pre-scheduled program. Since security alerts represent themost recent information available, and often require of a rapiddissemination of this information, they may be quickly produced andbroadcast, or even broadcast live over the channel. Thus, the incidentresponse security alerts may have rapid data analysis and minimalproduction time, and little or no delay between completion of theinternet alert video segment and its broadcast over the channel.

Block 220 represents the video content which will be broadcast over thechannel during the time period shown in this example. The broadcast iscontinuous, that is, even when no security alert or scheduled program isbeing broadcast, viewers will see the dialtone programming 204. Thepre-recorded, and pre-scheduled programs 208, 210, and 212 mayperiodically interrupt the dialtone programming 204. Incident responsesecurity alerts 216 and 218 may interrupt either the dialtoneprogramming 204, or a pre-scheduled program airing on the channel whenthe security alert is information is received at the data center. Inthis example, security alert 218 was received during a scheduled program212. The program 212 may be superseded by the internet alert 218, sothat viewers will not see the scheduled program 212, but instead willsee the current, and possibly urgent, security alert 218. In alternativeembodiments, the scheduled program 212 may be paused, and may resumefrom the point its broadcast was first interrupted by the security alert218. In further alternative embodiments, the incident response securityalerts 216 or 218 may be encrypted requiring decryption software todecrypt, for example, any known single, double or triple layerencryption/decryption software to prevent against hacking.

Referring to FIG. 3, a graphical screen shot is shown of promotionalmaterial relating to AT&T's Internet Security News Network, inaccordance with an embodiment of the present disclosure. Thispromotional material illustrates several different examples of ISNNprogramming. These ISNN programs, and the several other programdescriptions following, are not a complete list of ISNN programmingcontent, but are merely illustrative embodiments described to illustratepossible uses of the ISNN.

Programs

1. Live Image of the GNOC. The ISNN 102 may broadcast a 24 hour, 7 day aweek, live feed of the AT&T GNOC. This feed, along with severalpotential scrolling zippers or other on-screen graphics, may representthe ISNN dialtone broadcast. As discussed above, this program may besuperseded by a scheduled program, such as those discussed below, or byan incident response security alert report created in response to newsecurity data received at the ISNN data center 102.

2. Daily Newscast. The ISNN 102 may broadcast one daily special report,summarizing recent developments and news in the fields of internetsecurity. This report may be a news broadcast/webcast, recorded byanchor or forensic analyst in the ISNN data center. This report may benear-live, with a minimal content approval delay.

3. Expert Interview. The ISNN 102 may broadcast a weekly interview of aninternet security expect, for example, an AT&T expert. This programprovides the network an expert presence, and may be separatelymarketable to other broadcast networks and news venues. This interviewmay run approximate five minutes in length, and include static screenshots, and no location roll. The interview may be current eventsoriented, such as discussions of technical innovations, or reflectionson recent events in a perspective piece.

4. Customer Interview. The ISNN 102 may broadcast a weekly interview ofan AT&T customer, to demonstrate customers outreach and to attractaudience involvement. The interview may discuss the customer's weeklyexperiences, typical issues, and typical solutions, possibly includingAT&T proactivity and involvement.

5. Monthly Feature. The ISNN 102 may broadcast one or more monthlyfeature programming segments. These segments may be five to sevenminutes long, and may report on an in-depth study of a single networkissue. Such monthly features may not be as time-sensitive or specific assecurity alerts or other news updates, but may review issues in greaterdetail and depth. For example, the ISNN 102 may produce and broadcast asegment entitled, “Overview of VoIP and Where VoIP Is Heading,” whichincludes on-location footage.

6. “In the Hack.” The ISNN 102 may broadcast a weekly program featuringdiscussion among a roundtable of experts, regarding recentcomputer-related news and events.

7. “Ask the Expert.” The ISNN 102 may broadcast a viewer call-in programfeaturing an a internet security expert fielding customer calls andquestions submitted through the web site or over email.

8. “Weather on the 5's.” The ISNN 102 may broadcast an hourly internet“weather report” to describe current internet traffic conditions, virusactivity, system vulnerability, and other current internet information.This program may report one or more composite indices periodicallycomputed based on system and network monitoring programs. For example,this weather report may include the current Threat Reconnaissance Index(TRI) value, which is based on the Reconnaissance Index®, developed byAT&T, functions as a gauge of malicious activity on the internet. Thereport may further break down the score of each component of the TRI anddemonstrate the computation of the complete TRI composite value. In thisexample, the TRI may indicate the relative quantity of sources andrelative quantity of reconnaissance probes on the internet.Reconnaissance probes, which may be manual or automatic, attempt toidentify hosts, or target IP addresses, that may be vulnerable forexploit. In this example, the TRI value generation processes counts thenumber of unique hosts, or source IP addresses, performing scanning andcounts the number of probes associated with that scanning. Theprocessing then applies a formula and weighting factors to measuredcounts to provide a relative measure of activity. These measurements maybe taken periodically over time. A series of measurements may be use toevaluate the general trends in activity, or to provide a measurement ofthe level of attack-reconnaissance activity on the internet.Measurements may be taken on an hourly basis, so that the current TRIvalue, as well as the current TRI trend, may be reported and analyzedfor customers during this weather report. Other indices may similarly begenerated and reported during this weather report, including anotherindex, or a variation of the TRI, that is only calculated on a daily orweekly basis.

While the foregoing descriptions and the associated drawings may relateto a internet security news network, the present disclosure is adaptableto the many modifications, for example, stock tickers, travelerinformation systems, emergency preparedness, and other embodiments thatwill come to mind to one skilled in the art, having the benefit of theteachings presented.

1. A method for multicasting internet security news to subscribers of aninternet security news network, comprising: receiving data relating tointernet security, said receiving data relating to internet securityincluding receiving an information feed, said information feed includinga video presentation by a forensic analyst, said video presentationincluding one or more of protocols affects by a virus, install locationsof virus protection software, and install locations of a patch specificto the virus; and multicasting video content based on said data relatingto internet security to subscriber addresses associated with saidsubscribers of the internet security news network, the subscriberaddresses determined by comparing predetermined user preferences of saidsubscribers with a category associated with said data relating tointernet security; wherein said subscriber addresses comprise one ormore of a telephone number, an internet address, a physical businessaddress, a physical home address, and include a television channeladdress; said multicasting comprising a webcast available to subscribersthrough a web portal; and archiving said video content and publishinglinks at the web portal enabling subscribers to access said videocontent after said multicasting to subscriber addresses; wherein saiddata relating to internet security comprising an index value based on atleast one of internet traffic, internet virus activity, and a test ofinternet systems for security vulnerabilities; and said index valuecomprising a Threat Reconnaissance Index (TRI) value.
 2. The method ofclaim 1, said video content comprising graphics describing at least oneof the composite index value, the index trend, and the individualcomponents of the index.
 3. The method of claim 1, wherein saidinformation feed describes an incident response security alert,transmitted from a mobile unit, the location of said mobile unit beingrelated to an incident response security alert.
 4. The method of claim1, further comprising the step of verifying the source of the internetsecurity data.
 5. The method of claim 1, further comprising the step ofdecrypting encrypted internet security data.
 6. A method forbroadcasting internet security news, comprising the steps of:transmitting default video content over a broadcast channel; receiving,at an internet security data center, data relating to internet security;producing video content based on said data relating to internetsecurity, said video content including one or more of protocols affectsby a virus, install locations of virus protection software, and installlocations of a patch specific to the virus; interrupting thetransmitting of said default video content; and transmitting saidproduced video content over said broadcast channel to subscriberaddresses associated with said subscribers of the internet security newsnetwork, the subscriber addresses determined by comparing predetermineduser preferences of said subscribers with a category associated withsaid data relating to internet security; wherein said subscriberaddresses comprise one or more of a telephone number, an internetaddress, a physical business address, a physical home address, andinclude a television channel address; said broadcasting comprising awebcast available to subscribers through a web portal; and archivingsaid video content and publishing links at the web portal enablingsubscribers to access said video content after said broadcasting tosubscriber addresses; wherein said data relating to internet securitycomprising an index value based on at least one of internet traffic,internet virus activity, and a test of internet systems for securityvulnerabilities; and said index value comprising a Threat ReconnaissanceIndex (TRI) value.
 7. The method of claim 6, said broadcast channelcomprising a cable television broadcasting channel.
 8. The method ofclaim 6, said default video content comprising a live video recording ofsaid internet security data center.
 9. The method of claim 8, saidproduced video content comprising a video recording of a news broadcastrelated to internet security, said news broadcast recorded at adedicated internet security news studio.
 10. A non-transitorycomputer-readable medium having computer-executable instructions forperforming steps comprising: receiving internet security-related datafrom an internet security monitoring software program; analyzing saidinternet security-related data; producing graphical video content basedon said internet security-related data, said graphical video contentincluding one or more of protocols affects by a virus, install locationsof virus protection software, and install locations of a patch specificto the virus; determining subscriber addresses, based on one of internetaddresses of user terminals, a telephone number, a physical businessaddress, a physical home address, and a television channel addressassociated with subscribers of an internet security news network; andtransmitting said graphical video content to said subscriber addresses;wherein wherein determining said subscriber addresses comprisescomparing predetermined user preferences of a subscriber with a categoryassociated with said internet security-related data; and a webcastavailable to subscribers through a web portal; archiving said graphicalvideo content and publishing links at the web portal enablingsubscribers to access said graphical video content after transmitting tosubscriber addresses; wherein said data relating to internet securitycomprising an index value based on at least one of internet traffic,internet virus activity, and a test of internet systems for securityvulnerabilities; and said index value comprising a Threat ReconnaissanceIndex (TRI) value.
 11. The non-transitory computer-readable medium ofclaim 10, wherein the transmitting said video content comprises awebcast.
 12. The non-transitory computer-readable medium of claim 10,wherein said graphical video content comprises at least one of thecomposite index value, the index trend, and the individual components ofthe index.
 13. The non-transitory computer-readable medium of claim 10,wherein said user preferences comprise a list of pre-scheduledsecurity-related programs selected by the subscriber.
 14. Thenon-transitory computer-readable medium of claim 10, wherein said userpreferences comprise a category of incident response security alertsselected by the subscriber.
 15. A method for producing internet securitynews content for multicasting to subscribers of an internet securitynews network, comprising: receiving data relating to internet security;and producing video content based on said data relating to internetsecurity, said video content for multicasting to subscriber addressesassociated with said subscribers of the internet security news network,said video content including one or more of protocols affects by avirus, install locations of virus protection software, and installlocations of a patch specific to the virus, the subscriber addressesdetermined by comparing predetermined user preferences of saidsubscribers with a category associated with said data relating tointernet security; wherein said subscriber addresses comprise one ormore of a telephone number, an internet address, a physical businessaddress, a physical home address, and include a television channeladdress, said multicasting comprising a webcast available to subscribersthrough a web portal; and archiving said video content and publishinglinks at the web portal enabling subscribers to access said videocontent after said multicasting to subscriber addresses; wherein saiddata relating to internet security comprising an index value based on atleast one of internet traffic, internet virus activity, and a test ofinternet systems for security vulnerabilities; and said index valuecomprising a Threat Reconnaissance Index (TRI) value.
 16. The method ofclaim 15, said producing step comprising recording a forensic analystreading a script, said script comprising a description of an internetsecurity alert and a location of a software patch associated with saidsecurity alert.
 17. The method of claim 16, said script furthercomprising a description of computer systems potentially affected by thesecurity alert.